The Zero Trust Model
of Information Security
John Kindervag
Forrester Research
Cindy Valladares
Tripwire, Inc.
Today’s Speakers

John Kindervag, Senior Analyst, Forrester Research
Cindy Valladares, Tripwire, Inc.

No More Chewy Centers: The Zero-Trust Model Of Information Security
John Kindervag, Senior Analyst

© 2010 Forrester Research, Inc. Reproduction Prohibited
Agenda

• New threat landscape
• Something’s broken
• New trust models
• Summary
What do they have in common?
New threat landscape

Question: “Why do you rob banks?”
Answer: “Because that’s where the money is.”
Where the money is . . .

• Credit card theft
• Identity theft/fraud
• SPAM/botnets
• Web 2.0 (user-generated content)
The “Philip Cummings” problem

• Philip Cummings was a help desk staffer at TeleData Communication, Inc. (TCI), 1999 to 2000.
• TCI is a software provider for credit bureaus such as Experian and Equifax.
• Cummings had access to client passwords and subscription codes.
• Cummings was offered $60 per credit report by Nigerian nationals (organized crime).
• Cummings provided a laptop preprogrammed to download credit reports from Experian, Equifax, and TransUnion.
• The crimes took place between 2000 and 2003 (Cummings left his job in 2000).
• Discovered by Ford Motor Credit Company in 2003.
• 30,000 identities stolen.
• At least $2.7 million loss (FBI data).
• Cummings sentenced to 14 years in prison and a $1 million fine.
• The biggest identity theft case in US history at the time.
Plenty of controls

[Diagram: a typical enterprise network with its layered controls. Home users, remote wireless users, business partners and the Internet enter through a router and firewall; IPsec VPN, SSL VPN and two-factor authentication sit at the edge; switches carry IDS taps; a web application firewall fronts the web server farm; a server DMZ holds the FTP and email servers; a wireless gateway serves the corporate wireless network; internal users and the internal server farm sit behind the core switch; a management segment hosts the RNA console, intrusion detection console, anti-virus console, patch management, security information manager, content filtering and wireless management console.]
What’s broken?
Which one goes to the Internet?

[Diagram: two network interfaces, one labeled UNTRUSTED, the other TRUSTED]
“Trust but verify?”
What’s broken?

The trust model.
2010 breaches — malicious insider
The cost of a breach

Source: April 10, 2007, “Calculating The Cost Of A Security Breach” Forrester report
TJX accrued expenses (10-K filing) — 2008

Source: January 11, 2010, “PCI Unleashed” Forrester report
How do we fix it?
Zero trust

[Diagram: two network interfaces, both labeled UNTRUSTED]
Concepts of zero trust

• All resources are accessed in a secure manner, regardless of location.
• Access control is on a “need-to-know” basis and is strictly enforced.
• Verify and never trust.
• Inspect and log all traffic.
• The network is designed from the inside out.
Inspect and log everything

[Diagram: a zero-trust network built around a central switching core. Each segment (web farm behind a WAF, server farm, DB farm behind DAM, WLAN gateway, WAN) connects to the core through its own IPS; a management server and a SIM/NAV stack sit on a DAN, which receives the inspected traffic and logs from every segment.]
Strong perimeters = new threat vectors

• The threat landscape is changing — beyond the perimeter.
• Organized crime is bribing insiders.
• Security must become ubiquitous throughout your infrastructure.
Recommendations

• New paradigm — data-centric security
• Zero trust — “Verify, but don’t trust!”
• Inspect and log all traffic.
• Design with compliance in mind.
A blueprint for making it real

The next 90 days

• Eliminate the word “trust” from your vocabulary.
• Find your critical data, and map your data flows.
• Tell people you will be watching their data access activity.
• Review who should be allowed specific data access.
A blueprint for making it real

Longer term

• Create a data acquisition network (DAN).
• Segment your network to ease your security and compliance burden.
• Begin rebuilding your network to reflect the zero-trust concepts.
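The following is an added example, not code from the Forrester deck or from Tripwire, that works through the “Concepts of zero trust” and the two blueprint slides in one small script: it parses constructed flow records to map which segments actually reach the critical-data segment (the 90-day “find your critical data, map your data flows” step), then evaluates every flow against a default-deny, need-to-know segment policy in which the source’s location earns it nothing (“verify and never trust”), and emits a log entry for each decision, allow or deny (“inspect and log all traffic”). The segment names, subnets, ports, rules and the flow-log format are all assumptions made for illustration.

```python
"""Added example (not from the Forrester/Tripwire deck): a toy zero-trust
segment-policy engine run over constructed flow records.

Segment names, subnets, ports, rules and the log format are assumptions.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Assumed segmentation map: which subnet belongs to which segment.
SEGMENTS = {
    "USER_LAN": ipaddress.ip_network("10.10.0.0/16"),
    "WEB_FARM": ipaddress.ip_network("10.20.0.0/24"),
    "APP_FARM": ipaddress.ip_network("10.30.0.0/24"),
    "DB_FARM":  ipaddress.ip_network("10.40.0.0/24"),   # holds the critical data
    "MGMT":     ipaddress.ip_network("10.99.0.0/24"),
}
CRITICAL_SEGMENT = "DB_FARM"

# Default deny: a flow is allowed only if an explicit rule matches.
# Tuple layout: (src_segment, dst_segment, proto, dport). There is no
# "trusted" side; an internal source must match a rule like any other.
ALLOW_RULES = {
    ("USER_LAN", "WEB_FARM", "tcp", 443),
    ("WEB_FARM", "APP_FARM", "tcp", 8443),
    ("APP_FARM", "DB_FARM", "tcp", 5432),
    ("MGMT", "DB_FARM", "tcp", 22),
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


def segment_of(ip: str) -> str:
    """Map an address to its segment; anything unmapped is UNKNOWN (e.g. Internet)."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "UNKNOWN"


def parse_flow(line: str) -> Flow:
    """Parse the assumed log format: '<ts> <src_ip> -> <dst_ip> <PROTO>/<dport>'."""
    _ts, src, _arrow, dst, svc = line.split()
    proto, dport = svc.split("/")
    return Flow(src, dst, proto.lower(), int(dport))


def decide(flow: Flow) -> tuple[str, str]:
    """Return (verdict, reason); the source segment is just one more attribute to match."""
    key = (segment_of(flow.src), segment_of(flow.dst), flow.proto, flow.dport)
    if key in ALLOW_RULES:
        return "ALLOW", f"rule {key}"
    return "DENY", f"no rule for {key} (default deny)"


def map_flows_to_critical_data(lines: list[str]) -> dict[str, set[tuple[str, int]]]:
    """90-day step: which segments actually reach the critical-data segment, on which services?"""
    talkers: dict[str, set[tuple[str, int]]] = {}
    for line in lines:
        f = parse_flow(line)
        if segment_of(f.dst) == CRITICAL_SEGMENT:
            talkers.setdefault(segment_of(f.src), set()).add((f.proto, f.dport))
    return talkers


def enforce_and_log(lines: list[str]) -> list[str]:
    """Evaluate each flow against the policy and log every decision, allowed or not."""
    log = []
    for line in lines:
        f = parse_flow(line)
        verdict, reason = decide(f)
        log.append(f"{verdict} {segment_of(f.src)}->{segment_of(f.dst)} "
                   f"{f.src}->{f.dst} {f.proto}/{f.dport} {reason}")
    return log


# Constructed sample flow records (not real traffic).
SAMPLE_FLOWS = [
    "2010-06-01T10:00:01 10.10.4.7 -> 10.20.0.5 TCP/443",    # user to web tier
    "2010-06-01T10:00:02 10.20.0.5 -> 10.30.0.9 TCP/8443",   # web tier to app tier
    "2010-06-01T10:00:03 10.30.0.9 -> 10.40.0.3 TCP/5432",   # app tier to database
    "2010-06-01T10:00:04 10.10.4.7 -> 10.40.0.3 TCP/5432",   # user straight to database: the insider path
    "2010-06-01T10:00:05 10.20.0.5 -> 10.40.0.3 TCP/5432",   # web tier bypassing the app tier
    "2010-06-01T10:00:06 203.0.113.9 -> 10.40.0.3 TCP/22",   # unmapped (Internet) source to database
]

if __name__ == "__main__":
    for seg, svcs in map_flows_to_critical_data(SAMPLE_FLOWS).items():
        print(f"{seg} reaches {CRITICAL_SEGMENT} on {sorted(svcs)}")
    for entry in enforce_and_log(SAMPLE_FLOWS):
        print(entry)
```

The first three flows match rules and are allowed; the last three are denied, including the two that originate on the “inside”, which is the point of dropping the trusted/untrusted distinction. In a real deployment the flow map would come from the DAN’s collectors and the rules would be pushed to the per-segment enforcement points rather than evaluated in a script.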
Thank you

John Kindervag, Forrester Research
+1 469.221.5372
jkindervag@forrester.com
Twitter: @Kindervag
www.forrester.com
www.tripwire.com
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 

The Zero Trust Model of Information Security

  • 1. The Zero Trust Model of Information Security
  • 2. John Kindervag, Forrester Research; Cindy Valladares, Tripwire, Inc.
  • 3. Today’s Speakers: Senior Analyst
  • 4. No More Chewy Centers: The Zero-Trust Model Of Information Security (John Kindervag, Senior Analyst). 4 © 2010 Forrester Research, Inc. Reproduction Prohibited 2009
  • 5. Agenda: New threat landscape; Something’s broken; New trust models; Summary
  • 6. Agenda: New threat landscape; Something’s broken; New trust models; Summary
  • 7. What do they have in common?
  • 8. New threat landscape
      – Question: “Why do you rob banks?”
      – Answer: “Because that’s where the money is.”
  • 9. Where the money is . . .
      – Credit card theft
      – Identity theft/fraud
      – SPAM/botnets
      – Web 2.0 (user-generated content)
  • 10. The “Philip Cummings” problem
      – Philip Cummings was a help desk staffer at TeleData Communication, Inc. (TCI), 1999 to 2000.
      – TCI is a software provider for credit bureaus such as Experian and Equifax.
      – Cummings had access to client passwords and subscription codes.
  • 11. The “Philip Cummings” problem (cont.)
      – Cummings was offered $60 per credit report by Nigerian nationals (organized crime).
      – Cummings provided a laptop preprogrammed to download credit reports from Experian, Equifax, and TransUnion.
      – The crimes took place between 2000 and 2003 (Cummings left his job in 2000).
  • 12. The “Philip Cummings” problem (cont.)
      – Discovered by Ford Motor Credit Company in 2003
      – 30,000 identities stolen
      – At least $2.7 million loss (FBI data)
      – Cummings sentenced to 14 years in prison and $1 million fine
      – Biggest identity theft in US history
  • 13. [image slide, no text]
  • 14. [image slide, no text]
  • 15. Agenda: New threat landscape; Something’s broken; New trust models; Summary
  • 16. Plenty of controls [network diagram: home users, business partners and remote wireless users reaching the Internet through a router and firewall; IPsec VPN, SSL VPN, two-factor authentication, IDS taps, web application firewall, web server farm, patch management, content filtering, FTP and email servers, intrusion detection console, security information manager, DMZ, wireless gateway, anti-virus console, internal users, management segment, corporate wireless network, internal server farm]
  • 17. What’s broken?
  • 18. Which one goes to the Internet? [firewall interfaces labeled UNTRUSTED and TRUSTED]
  • 19. “Trust but verify?”
  • 20. What’s broken? Trust model
  • 21. 2010 breaches — malicious insider
  • 22. The cost of a breach. Source: April 10, 2007, “Calculating The Cost Of A Security Breach” Forrester report
  • 23. TJX accrued expenses (10-K) — 2008. Source: January 11, 2010, “PCI Unleashed” Forrester report
  • 24. How do we fix it?
  • 25. Agenda: New threat landscape; Something’s broken; New trust models; Summary
  • 26. Zero trust [both firewall interfaces labeled UNTRUSTED]
  • 27. Concepts of zero trust
      – All resources are accessed in a secure manner, regardless of location.
      – Access control is on a “need-to-know” basis and is strictly enforced.
      – Verify and never trust.
      – Inspect and log all traffic.
      – The network is designed from the inside out.
  • 28. Inspect and log everything [network diagram: IPS in front of the WAF and web farm, the server farm, the WLAN gateway and the DAM-protected DB farm; a DAN feeding SIM, NAV and MGMT servers; WAN]
  • 29. [image slide, no text]
  • 30. [image slide, no text]
  • 31. Agenda: New threat landscape; Something’s broken; New trust models; Summary
  • 32. Strong perimeters = new threat vectors
      – The threat landscape is changing — beyond the perimeter.
      – Organized crime is bribing insiders.
      – Security must become ubiquitous throughout your infrastructure.
  • 33. Recommendations
      – New paradigm — data-centric security
      – Zero trust — “Verify, but don’t trust!”
      – Inspect and log all traffic.
      – Design with compliance in mind.
  • 34. A blueprint for making it real: the next 90 days
      – Eliminate the word “trust” from your vocabulary.
      – Find your critical data, and map your data flows.
      – Tell people you will be watching their data access activity.
      – Review who should be allowed specific data access.
  • 35. A blueprint for making it real: longer term
      – Create a data acquisition network (DAN).
      – Segment your network to ease your security and compliance burden.
      – Begin rebuilding your network to reflect the zero-trust concepts.
  • 36. Thank you. John Kindervag, +1 469.221.5372, jkindervag@forrester.com, Twitter: @Kindervag, www.forrester.com © 2009 Forrester Research, Inc. Reproduction Prohibited
  • 37. John Kindervag, Forrester Research, E-mail: jkindervag@forrester.com; www.tripwire.com
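The trust-model contrast the deck draws (slide 18's TRUSTED interface versus slide 26/27's "verify and never trust", need-to-know access and logging of all traffic) as an added example; this is illustrative code written for this page, not Forrester's or Tripwire's, and every user, role, resource and rule in it is constructed.

```python
"""Added example, not from the Forrester deck: a minimal policy engine that
contrasts the perimeter model ("inside = trusted", slide 18) with the
zero-trust rules on slide 27 (need-to-know access regardless of location,
default deny, every decision logged). Names, roles and rules are constructed."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    resource: str
    source: str  # "internal" or "internet": the only input the old model uses

@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str

def perimeter_model(req: Request) -> Decision:
    """Legacy model: whatever arrives on the TRUSTED interface is allowed."""
    if req.source == "internal":
        return Decision(True, "trusted interface")
    return Decision(False, "untrusted interface")

# Constructed need-to-know policy: (role, resource) pairs explicitly granted.
NEED_TO_KNOW = {
    ("credit-analyst", "credit-reports"),
    ("help-desk", "ticketing"),
}

class ZeroTrustEngine:
    """Slide 26: both interfaces are UNTRUSTED, so location is never consulted."""
    def __init__(self) -> None:
        self.audit_log = []  # one entry per request, allowed or not

    def evaluate(self, req: Request) -> Decision:
        if (req.role, req.resource) in NEED_TO_KNOW:
            decision = Decision(True, f"need-to-know: {req.role} -> {req.resource}")
        else:
            decision = Decision(False, "default deny: no need-to-know rule")
        # "Inspect and log all traffic": record allows and denies alike.
        self.audit_log.append((req.user, req.resource, req.source, decision.allowed))
        return decision

# Constructed insider case modelled on slide 10: a help-desk role on the
# internal segment asking for credit reports it has no business need for.
INSIDER = Request("insider-01", "help-desk", "credit-reports", "internal")
# Constructed legitimate case: an analyst working from outside the perimeter.
ANALYST = Request("analyst-02", "credit-analyst", "credit-reports", "internet")
```

The perimeter model allows the insider (trusted segment) and blocks the remote analyst; the zero-trust engine does the reverse and leaves an audit entry for both, which is the data the deck's DAN/SIM layer would consume.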

Notas del editor

  1. Source: Justice.gov (http://www.usdoj.gov/usao/gan/press/2009/09-16-09c.pdf)
  2. Source: Justice.gov (http://www.usdoj.gov/usao/gan/press/2009/09-16-09c.pdf)
  3. Source: Data Loss (www.datalossdb.org)